cvebase

Agent-Zero vulnerabilities

5 known vulnerabilities affecting agent-zero/agent-zero.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 2, MEDIUM 1, LOW 2

Vulnerabilities

CVE-2025-55523 | P2 | LOW | CVSS 3.5 | Exploited | PoC | ≥ 0.8, ≤ 0.9.4 | 2025-08-21
CVE-2025-55523 [LOW] CWE-22: An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
nvd
CVE-2026-30624 | P3 | HIGH | CVSS 8.6 | v0.9.8 | 2026-04-15
CVE-2026-30624 [HIGH] CWE-77: Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or res
nvd
CVE-2025-3547 | P3 | MEDIUM | CVSS 6.3 | v0.8.1.2 | 2025-04-14
CVE-2025-3547 [MEDIUM] CWE-22: A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-55524 | P3 | HIGH | CVSS 7.3 | ≥ 0.8, < 0.9.0 | 2025-08-21
CVE-2025-55524 [HIGH] CWE-732: Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.
nvd
CVE-2025-6166 | P4 | LOW | CVSS 3.5 | fixed in 0.8.4.1 | 2025-06-17
CVE-2025-6166 [LOW] CWE-22: A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5b
nvd